System administrators are critical to the successful and reliable operation of the organization, network operations center, and data center. The system administrator must have experience in the system platform (i.e., Windows and Linux), as well as be aware of multiple areas including networking, backup, data recovery, IT security, database operations, middleware basics, load balancing, and more. Sysadmin tasks are not limited to server administration, maintenance, and repair, but also any functions that support a seamless production environment with minimal (or no) complaints from customers and end users.
Although system administrators have an endless list of responsibilities, some are more important than others. If you work in the role of a system administrator (or meditate on a day), make sure you are prepared to follow these best practices.
Documentation
The documentation is how system administrators keep records of assets, including hardware, software, charges, and licenses. If there are any issues in the production environment, the documentation helps identify hardware, virtual machines, hardware, software, etc., that may be involved.
Hardware inventory
Keep lists of all your physical and virtual servers with the following details:
Operating system: Linux or Windows, hypervisor with versions
RAM: DIMM slots in physical servers
CPU: Logical and virtual CPUs
HDD: Type and size of HDD
External Storage (SAN / NAS): Create and model storage with management IP address and interface IP address
Open Ports: Open ports at the server end for incoming traffic
IP address: Administration and IP address of the interface with VLANs
Engineering devices: for example, Exalogic, PureApp, etc.
Software Inventory
Configured applications: for example, Oracle WebLogic, IBM WebSphere Application Server, Apache Tomcat, Red Hat JBoss, etc.
Third-party software: Any software that does not ship with the installed operating system
License details
Maintain the number and details of the license for physical and virtual servers (VMs), including Windows licenses, Linux subscriptions, and the license limit for the hypervisor host.
Check server health
Run processes: Check which processes are consuming more resources than expected, and take action to adjust applications (with the help of the app team).
CPU Usage: Monitor and constantly check CPU usage for critical process such as "java", "http", "mysql" etc. to make sure that these resources don't consume more CPU resources than expected. If so, coordinate with the app team to check it at the app level and adjust itself. Parallel analysis of OS parameters such as "Ulimits".
Memory usage: Check memory usage and clear the cache, if necessary.
Zombie operations: Check the processes where the PID is still in the process table after it is finished. Zombie's operations hinder server performance, so look for anything that exists.
Load rate: If you're having performance issues, check your average load and adjust your server for performance.
Disk / Storage Area Network (SAN / NAS) usage: Check I / O reports for externally connected volume to track and verify read / write speeds. If you find any problems, coordinate with your storage and network teams immediately to correct them.
Backup and disaster recovery planning
Communicate with the backup team and provide them with data and client priorities for backup. The recommended backup standards for production servers are:
Incremental Backup: Daily, Monday through Friday
Full backup: Saturday and Sunday
Post-disaster recovery exercises: Perform mock recovery exercises once a month (preferably, or quarterly if necessary) with the backup team to ensure that data can be restored in case of a problem.
Patching
Operating system patches for known vulnerabilities should be implemented immediately. There are many types and levels of corrections, including:
Security
critical
Moderate
When issuing a patch, check the details of the bug or vulnerability to see how it is applied to your system (for example, does the vulnerability affect the device in your system?), And take any necessary actions to apply the patches when needed. Be sure to check that your apps are compatible with patches or upgrades.
Application compatibility
Before logging in directly with any app, check that it is compatible with your device and operating system, and make sure you perform a pregnancy test (supported by the app team).
Server hardening
Linux:
Set BIOS password: This prevents users from changing BIOS settings.
Setting a GRUB password: This prevents users from changing the BOUB loader.
Deny root access: Denying root access reduces the likelihood of intrusions.
Sudo users: Make sudo users and assign limited privileges to call commands.
TCP Casings: This is a weapon to protect the server from hackers. Apply an SSH daemon rule to allow only trusted hosts to access the server, and deny all others. Similar rules apply to other services such as FTP, FTP, SSH, etc.
Firewalld / iptables: Configure the firewalld and iptables rules for incoming traffic to the server. Include the specified port, IP source, destination IP address, allow, reject, and reject ICMP requests, etc. for public and private zone.
Antivirus: Install antivirus software and update virus definitions regularly.
Secure records and audits: Check records regularly and when required.
Rotate records: Keep records for a limited period of time, such as "for 7 days", to maintain sufficient disk space for flawless operation.
Windows:
Set BIOS password: This prevents users from changing BIOS settings.
Antivirus: Install antivirus software and update virus definitions regularly.
Configure firewall rules: Prevent unauthorized parties from accessing your systems.
Deny administrator login: Limit users' ability to make changes that will increase the vulnerabilities of your systems.
Use the syslog server
By configuring the syslog server in the environment to keep logs of system and application logs, in the event of any interference or problem, the system administrator can check previous and real-time logs to diagnose and resolve the problem.
Automation
Many system administrator tasks (such as server health checks, resource usage, backup players, file transfers, logs, etc.) must be performed at certain times. Therefore, the system administrator must write scripts or use third-party tools and configure them as cron tasks to perform tasks automatically in a timely manner.
Monitoring tools
Install and configure live monitoring tools such as Nagios, HP, etc., to monitor your IT infrastructure and issue alerts about potential problems.
Conclusion
While these are the most important tasks that the system administrator is responsible for, there is a much more role than the tasks in this list.
For example, the system administrator should coordinate with multiple teams to solve problems, communicate with customers and update them, maintain 100% uptime, hold discussions with the audit team, prepare weekly / monthly / quarterly reports, and continuously monitor servers and services using appropriate tools Maintain the hardware console and respond to any alarms triggered.
A system administrator is always a single point of content (SPOC) in the data center or network operations center for issues related to web hosting, applications, server outages, and other critical IT operations issues.